CVE-2018-3849

Priority
Description
In the ffghtb function in NASA CFITSIO 3.42, specially crafted images
parsed via the library can cause a stack-based buffer overflow overwriting
arbitrary data. An attacker can deliver an FIT image to trigger this
vulnerability and potentially gain code execution.
Notes
Package
Upstream: released (3.430-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): needs-triage
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (3.430-2)
Ubuntu 19.10 (Eoan Ermine): not-affected (3.430-2)
Ubuntu 20.04 (Focal Fossa): not-affected (3.430-2)
More Information

Updated: 2020-01-29 18:55:07 UTC (commit 40f18bf14da5fb50662e1f861ea594a462b207fe)